Compliance & security
Data residency
Where the vendor actually stores and processes your data.
Data residency is *where* (geographically) a vendor stores and processes the data you send it. It matters because legal regimes apply by the location of the data, and in healthcare some regimes (Swiss FADP, several EU cantons, parts of US state law) prefer or require in-country processing for clinical records.
Vendors with "regional" hosting (e.g. Swiss users routed to a Swiss region, EU users routed to an EU region) can simultaneously serve multiple regimes.
See also
- GDPR โ EU data-protection law โ non-negotiable for any EU healthcare deployment.
- FADP / revDSG (Swiss) โ Switzerland's revised Federal Act on Data Protection โ stricter than GDPR in some respects.
- On-device AI โ AI that runs entirely on the clinician's own machine, so data never reaches a cloud.